sergey@total-knowledge.com
wrote:> In this case, I guess the solution is:>> In Header.csp>> <% if(request.hasAttribute("UserId")) { %>> <input type="hidden" name="userid" value="<%=
> request.getAttribute<std::string>("UserId") %>"> <% } %>>This isn't going to do you any good. You will not always have singleform to submit. This info should be kept inside of session.
> In UUServlet new operation>> void UUServlet::setEnvironment(HttpServletRequest& req){> string userid = req.getParameter("userid");> if(userid)> req.setAttribute("UserId", setattr_t(new string(userid)));
> }>No. User ID should be dealt with at login time, and saved in session.Do not pass it around the network all the time - it's waste of resources.> setEnvironment() can be used for setting other global parameters and will
> be called in each servlet service() function.>That might be good idea. Needs more detailed thinking. One thingis that you don't really want to rely on every service function callingthis explicitly (you'll forget to call it at some point in time, I can
guarantee you that ;-)> <snip getSessionInfo stuff>>You may want to change all that to key the temp login tableoff of session ID rather then user ID. This way you don't need tosave any extra info in session itself.

BTW, the alternative path (clearing the temp table after processingevery request) is also implementable - if we make our DB connection pooltake care of that.

>> Guys, don't forget that database connections will be
>> pooled. That means there will be different requests>> from _different_ users handled by the same connection.>> This, in turn, means that unless someone takes care>> of cleaning up the table after each request, there could
>> be more then one record in there.>>>>>> sergey@total-knowledge.com wrote:>>>>> Understood.>>> Here is my version:
>>>>>> bool isValid = false;>>> try {>>> CQuery qrySelect(&db,"select si_person from session_info");>>> qrySelect.open();>>> while ( !
qrySelect.eof() ) {>>> isValid = true;>>> qrySelect.fetch();>>> }>>> qrySelect.close();>>> }>>> catch (exception& e) {
>>> cout<<"\nError: " <<e.what();>>> }>>> return isValid;>>>>>>>>> I know it's supposed to be only one record in session_info table, but
>>> still prefer to loop since it's a select query.>>>>>>>>>>>>>>>>>>> Actually, the "no record test" is better to do not as:
>>>>>>>> if (!user_id)>>>>>>>> but as (right after query_open()):>>>>>>>> if (query.eof())>>>>>>>> 2007/3/15, Alexey Parshin <
alexeyp@gmail.com>:>>>>>>>>>>>>> int user_id = 0;>>>>> string user_name;>>>>> try {>>>>> Query query(&db,"select si_person, si_person_name from
>>>>> session_info");>>>>> query.open();>>>>> user_id = query[0];>>>>> user_name = query[1];>>>>> query.close
();>>>>> if (!user_id)>>>>> throw CException("User not logged in");>>>>> }>>>>> catch (exception& e) {>>>>> cout << "OOPS, " <<
e.what() << endl;>>>>> }>>>>>>>>>> 2007/3/15, sergey@total-knowledge.com <
sergey@total-knowledge.com>:>>>>>>>>>>>>>>>> In order to perform authentication on each application page I need to>>>>>> find>>>>>> out if user with certain ID exist in session_info table.
>>>>>> I want to make sure that I understand how it will work, so the>>>>>>>>>>>>>>>>> question>>>>>>>>>>
>>>>>> is:>>>>>>>>>>>> 1. If session_info table exist.>>>>>> AND>>>>>> 2. There is a one entry there (doesn't matter what the value is).
>>>>>>>>>>>> it means that current user is logged in.>>>>>>>>>>>> Is it true?>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -->>>>> Alexey Parshin,>>>>>
http://www.sptk.net>>>>>>>>>>>>>>>>>>> -->>>> Alexey Parshin,>>>> http://www.sptk.net
>>>>>>>>>>>>>>>>>>>> -->> Ilya A. Volynets-Evenbakh>> Total Knowledge. CTO>>
http://www.total-knowledge.com>>>>>>>>>